0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-23 22:27:34 -05:00
verdaccio/test/functional/package/access.js

100 lines
3.4 KiB
JavaScript
Raw Normal View History

2017-04-19 14:15:28 -05:00
'use strict';
2015-04-21 11:41:50 -05:00
2017-04-19 14:15:28 -05:00
module.exports = function() {
describe('package access control', function() {
const server = process.server;
const buildToken = (auth) => {
return `Basic ${(new Buffer(auth).toString('base64'))}`;
};
let oldAuth;
2015-04-21 11:41:50 -05:00
2017-04-19 14:15:28 -05:00
before(function() {
oldAuth = server.authstr;
2017-04-19 14:15:28 -05:00
});
2015-04-21 11:41:50 -05:00
2017-04-19 14:15:28 -05:00
after(function() {
server.authstr = oldAuth;
2017-04-19 14:15:28 -05:00
});
2015-04-21 11:41:50 -05:00
/**
* Check whether the user is allowed to fetch packages
* @param auth {object} disable auth
* @param pkg {string} package name
* @param ok {boolean}
*/
function checkAccess(auth, pkg, ok) {
2017-04-19 14:15:28 -05:00
it((ok ? 'allows' : 'forbids') +' access ' + auth + ' to ' + pkg, function() {
server.authstr = auth ? buildToken(auth) : undefined;
let req = server.getPackage(pkg);
2015-04-21 11:41:50 -05:00
if (ok) {
2017-04-19 14:15:28 -05:00
return req.status(404).body_error(/no such package available/);
2015-04-21 11:41:50 -05:00
} else {
2017-04-19 14:15:28 -05:00
return req.status(403).body_error(/not allowed to access package/);
2015-04-21 11:41:50 -05:00
}
2017-04-19 14:15:28 -05:00
});
2015-04-21 11:41:50 -05:00
}
/**
* Check whether the user is allowed to publish packages
* @param auth {object} disable auth
* @param pkg {string} package name
* @param ok {boolean}
*/
function checkPublish(auth, pkg, ok) {
2017-04-19 14:15:28 -05:00
it(`${(ok ? 'allows' : 'forbids')} publish ${auth} to ${pkg}`, function() {
server.authstr = auth ? buildToken(auth) : undefined;
const req = server.putPackage(pkg, require('../fixtures/package')(pkg));
2015-04-21 11:41:50 -05:00
if (ok) {
2017-04-19 14:15:28 -05:00
return req.status(404).body_error(/this package cannot be added/);
2015-04-21 11:41:50 -05:00
} else {
2017-04-19 14:15:28 -05:00
return req.status(403).body_error(/not allowed to publish package/);
2015-04-21 11:41:50 -05:00
}
2017-04-19 14:15:28 -05:00
});
2015-04-21 11:41:50 -05:00
}
// credentials
const badCredentials = 'test:badpass';
// test user is logged by default
const validCredentials = 'test:test';
// defined on server1 configuration
2017-04-19 14:15:28 -05:00
const testAccessOnly = 'test-access-only';
const testPublishOnly = 'test-publish-only';
const testOnlyTest = 'test-only-test';
const testOnlyAuth = 'test-only-auth';
2015-04-21 11:41:50 -05:00
// all are allowed to access
checkAccess(validCredentials, testAccessOnly, true);
checkAccess(undefined, testAccessOnly, true);
checkAccess(badCredentials, testAccessOnly, true);
checkPublish(validCredentials, testAccessOnly, false);
checkPublish(undefined, testAccessOnly, false);
checkPublish(badCredentials, testAccessOnly, false);
// all are allowed to publish
checkAccess(validCredentials, testPublishOnly, false);
checkAccess(undefined, testPublishOnly, false);
checkAccess(badCredentials, testPublishOnly, false);
checkPublish(validCredentials, testPublishOnly, true);
checkPublish(undefined, testPublishOnly, true);
checkPublish(badCredentials, testPublishOnly, true);
2015-04-21 11:41:50 -05:00
// only user "test" is allowed to publish and access
checkAccess(validCredentials, testOnlyTest, true);
checkAccess(undefined, testOnlyTest, false);
checkAccess(badCredentials, testOnlyTest, false);
checkPublish(validCredentials, testOnlyTest, true);
checkPublish(undefined, testOnlyTest, false);
checkPublish(badCredentials, testOnlyTest, false);
2015-04-21 11:41:50 -05:00
// only authenticated users are allowed
checkAccess(validCredentials, testOnlyAuth, true);
checkAccess(undefined, testOnlyAuth, false);
checkAccess(badCredentials, testOnlyAuth, false);
checkPublish(validCredentials, testOnlyAuth, true);
checkPublish(undefined, testOnlyAuth, false);
checkPublish(badCredentials, testOnlyAuth, false);
2017-04-19 14:15:28 -05:00
});
};